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DETAILED ACTION 
Response to Amendment 

1 . In response to the amendment received on June 7, 2005. Claims 1-20 were 
originally received for consideration. Per the received amendment, claims 1,7,13, and 
19 have been amended. No claims were cancelled or added. Claims 1-20 are currently 
being considered. 

Response to Arguments 

2. Applicant's arguments filed on June 7, 2005 have been fully considered but they 
are not persuasive because: 

Regarding independent claims 1,7,13, and 19, the applicant argues that 
the CPA, Henry et al. (U.S. Patent No. 6,856,800), does not teach the newly added 
limitation of "means for providing predefined restricted temporary access to the device if 
the user is locally authenticated" and "means for removing the restricted temporary 
access to predefined access areas if remote authentication is successful." This 
argument is not found persuasive. The examiner notes that there is no explicit mention 
of the terms "restricted access" or "access areas." Therefore, using the interpretation of 
"restricted access" as being less than the full access. Therefore, the CPA is believed to 
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teach these aspects as after a local authentication, only a temporary access is granted 
to a user (Figure 4 item 404, column 3 lines 5-33), which is restricted in the terms that it 
has a limited valid time span. Therefore, with this view of "restricted area" and 
interpreting "access areas" as the areas that are accessed during the temporary access, 
the CPA is believed to teach these new limitations. Furthermore, regarding claim 19, 
the applicant argues that the CPA does not teach newly added limitation "means for 
limiting a number of times that a particular client database and/or record in any, or all, of 
the client databases will be updated during any period of time and/or total number of 
updates." Applicant's arguments with respect to claim 19 have been considered but are 
moot in view of the new ground(s) of rejection using Hosein et al. (U.S. Patent No. 
6,430,694). 

The rejections for the claims 1-20 are given below. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

3. Claims 1,7,13, and 19 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Page 13, lines 4-13, correspond to 
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paragraph 31 , of the applicant's patent publication. This disclosure is not sufficient to 
convey to one of ordinary skill in the art that the applicant's invention included "restricted 
temporary access" or "predefined access areas." These two limitations have not been 
sufficiently disclosed in the specification. 



Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



4. Claims 1 - 18 are rejected under 35 U.S.C. 102(e) as being anticipated by Henry 
et al. (U.S. Patent No. 6,856,800). 

Regarding claim 1 , Henry discloses: 

A secure computer device, comprising: 

"means for locally-authenticating a user of the device'' (column 2 lines 12-39, 
column 3 lines 1-9, column 4 lines 3-24), wherein an access point receives an 
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authentication credential from a network device (secure computer device) and can 
locally authenticate the user; 

''means for providing predefined restricted temporary access to the device 
is tile user is locally authenticated' (Figure 4 item 404, column 3 lines 5-33), wherein 
the restricted temporary access is restricted in terms of limited valid time span, until a 
remote authentication is sent and can give full access; 

"means for generating a remote authentication request after a successful 
local authentication of the usef (column 3 lines 6-9, column 4 lines 27-30), wherein 
after the local authentication of the user, the access point fonvards the submitted 
credentials to a remote AAA server, which then performs the entire authentication 
process; and 

''means for removing the restricted temporary access to predefined access 
areas if remote authentication is successful' (Figure 4 item 404, column 3 lines 5- 
33), wherein the restricted temporary access is restricted in terms of limited valid time 
span, until a remote authentication is sent and can give full access. 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Henry discloses: 

The device recited in claim 1, further comprising "means for authorizing the 
user in response to the successful local authentication" (column 3 lines 1-9), 
wherein the access point can locally authenticate a user and then grant temporary 
access to the user immediately after the successful completion of the local 
authentication process. 
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Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Henry discloses: 

The device recited in claim 2, further compnsing ''means for withdrawing tiie 
autfiorization in response to a reply from tiie server"' (column 3 lines 7-9, column 5 
lines 4-17), wherein the remote server determines if the credentials are valid, and if the 
credentials are determined to be invalid, a message is sent to the access point which 
terminates the user's temporary access. 

Claim 4 is rejected as applied above in rejecting claim 1 . Furthermore, Henry discloses: 
The device recited in claim 1 further comprising "means for updating ttie local 
auttienticating means in response to a reply from tfie server^' (column 3 lines 27- 
32), wherein the local database is updated with the revocation information. 

Claim 5 is rejected as applied above in rejecting claim 2. Furthermore, Henry discloses: 
The device recited in claim 2 further comprising "means for updating the local 
authenticating means in response to a reply from the servet (column 3 lines 27- 
32), wherein the local database is updated with the revocation information. 

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Henry discloses: 
The device recited in claim 3 further comprising "means for updating the local 
authenticating means in response to a reply from the server" (column 3 lines 27- 
32), wherein the local database is updated with the revocation information. 
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5. Claims 7 - 1 2 are method claims analogous to the apparatus claims 1 -6 rejected 
above, and therefore, are rejected following the same reasoning. 

6. Claims 1 3 - 1 8 are computer-readable medium claims analogous to the 
apparatus claims 1-6 rejected above, and therefore, are rejected following the same 
reasoning. 



Claim Rejections • 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1 9-20 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Henry et al. (U.S. Patent No. 6,856,800) in view of Hosein et al. (U.S. Patent No. 
6,430,694). 

Regarding claim 19, Henry discloses: 

"a client having a client database for locally-authenticating a usei" (column 
2 lines 12-39, column 3 lines 1-9, column 4 lines 3-24), wherein an access point 
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receives an authentication credential from a network device (secure computer device) 
and can locally authenticate the user; 

"an authentication device tiiat provides predefined restricted temporary 
access if tfie user is locally auti^enticated' (Figure 4 item 404, column 3 lines 5-33), 
wherein the restricted temporary access is restricted in terms of limited valid time span, 
until a remote authentication is sent and can give full access; 

"a server, in communication with the client, having a server database for 
remotely-authenticating the use in response to a request from the client after a 
successful local authentication" (column 3 lines 6-9, column 4 lines 27-30), wherein 
after the local authentication of the user, the access point forwards the submitted 
credentials to a remote AAA server, which then performs the entire authentication 
process; 

"wherein the authentication device removes the restricted temporary 
access if remote authentication is successfut (Figure 4 item 404, column 3 lines 5- 
33), wherein the restricted temporary access is restricted in terms of limited valid time 
span, until a remote authentication is sent and can give full access; 

"means for updating the client database according to the results of the 
local and remote authentication" (column 3 lines 27-32), wherein the local database 
is updated with the revocation information. 

Henry does not explicitly disclose "means for limiting a number of times that a 
particular client database and/or record in any, or all, of the client databases will 
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be updated during any period of time and/or total number of updates" . However, 
Hosein discloses a database system, which is modified to include the ability to limit the 
number of data updates, which may be outstanding to the plurality of distributed 
databases during any particular period of time (column 2 lines 59-67). Henry and 
Hosein are analogous arts in that both utilize database systems. Hosein uses a 
modified database system, which can be implemented on any database to limit the 
number of data updates, which may be outstanding to the plurality of distributed 
databases during any particular period of time. This would have been obvious to modify 
the database system of Henry to limit the number of updates in order to avoid the 
possibility of having databases not being synchronized. This would be disadvantageous 
in the system of Henry, because it would be beneficial to have all the local 
authentication clients (access points) to be synchronized with each other, so that a user 
that is being authenticated at one access point would receive the same authentication at 
another access point at approximately the same time (column 2 lines 43-55). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the database system of Henry to include the maximum 
number of outstanding updates, so that the local authentication databases of the local 
authenticating clients would be synchronized. 

Claim 20 is rejected as applied above in rejecting claim 19. Furthermore, Henry 
discloses: 

The secure computer system recited in claim 19, further comprising: 
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''means for authorizing a user in response to a successfui iocal 
autiientication" (column 3 lines 1-9), wherein the access point can locally authenticate 
a user and then grant temporary access to the user immediately after the successful 
completion of the local authentication process; and 

''means for withdrawing the authorization in response to an unsuccessful 
remote authentication" (column 3 lines 7-9, column 5 lines 4-17), wherein the remote 
server determines if the credentials are valid, and if the credentials are determined to be 
invalid, a message is sent to the access point which terminates the user's temporary 
access. 

Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3786. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). ^ 
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